New Android Malware Loapi Attacks Phones in Five Different Ways

Android phones have long been a soft target for malicious threat actors, and every now and then we hear about a new malware strain hitting unsuspecting Android users. This is another such case: a new piece of malware is targeting Android phones.

This particular malware, dubbed Loapi, is a piece of code that can perform five different malicious activities, including mining cryptocurrencies, conducting DDoS attacks and causing the phone’s battery to bulge, which leads to the destruction of the phone after a few days of its installation.

It also runs an advertising fraud scheme: the victim feels that they are visiting advertisers’ web pages, and every time an ad is clicked the advertiser is paid some amount. Besides mining Monero, the malware runs web requests and signs the device up for different subscription services whenever the attacker sends a command.

The malware was discovered by Kaspersky Lab researchers who, given the wide range of malicious functions it performs, are calling it a “jack of all trades”. Loapi has a complex modular structure that is different from other malware that has attacked Android devices so far. It contains an advertising module, a proxy module, a texting module and a Monero mining module. Moreover, the malware is capable of evading detection as well.

“We’ve never seen such a ‘jack of all trades’ before,” researchers from Kaspersky wrote in their official blog post published on Monday.

Over 20 malicious apps, downloaded from third-party platforms and mostly posing as mobile antivirus or adult apps, are responsible for infecting Android phones with Loapi. Victims are lured towards these apps through misleading advertisements. The user is bombarded with never-ending popups until the victim gives in to whatever the malware is requesting, which is usually admin rights. Once the rights are acquired, the malware deletes the antivirus to avoid detection. When the user tries to deactivate the administrator account, the Loapi-infected apps close the Settings menu, and the device has to be booted into Safe Mode to delete Loapi.